"yo FYI you're currently logged in to Gmail"
More like : "yo FYI we're slurping your data wheter you want us to or not"...
Google's Chrome lost more of its shine over the weekend – after the normally calm and reasoned world of Twitter erupted when folks realized the search giant was automatically signing them into its browser. The change appeared in Chrome 69, which rolled out at the beginning of September and initially occupied users with the …
The problem isn't the "google slurp" alone. If you log into Google and those cookies are available, then ANY web site that has a 'tracker bug' on it can load the cookies. You know, "3rd party cookies", or maybe just some iframe that collects the data ON THEIR BEHALF (and then 'phones home' or allows direct access at a later time). So WHO is to say you're "not being tracked", when you can EASILY be tracked, just because YOU are "identified" by your GOOGLE LOGIN!
I've had the SAME complaint about the 'Micro-shaft CLOUDY Logon'. ABusing this would be TRIVIALLY EASY, and most likely very easy to TRACK IT BACK TO YOU, perhaps your e-mail address, cell phone number, physical address, and ANY OTHER information that can be purchased from Google based on your "unique identity" in their system.
So maybe Google doesn't track you SPECIFICALLY. But the sites you visit... I bet _THEY_ do!
[and once your IP address for a given block of time can be correlated to your google e-mail address and other such info, I _GUARANTEE_ this information will become available 'as a service' to those who don't deal directly with Google; they'll just be able to plug in YOUR IP and the date/time of access and get YOU and correlate it and track behind the scenes, etc. etc. etc.]
Yeah, this would be EASY to set up. Really. And with all of the IT pros who visit EL Reg, it should be obvious to most of YOU, too.
@bombastic bob
I'm sure I'm going to regret telling you this, but you have a silver badge, so you can use html tags (such as em, and strong) in your posts, so you DON'T need TO capitalise random WORDS any more, ok?
At least we can all be thankful elReg doesn't implement the <blink> tag.
A bit off topic I suppose but your mention of a silver badge hit a nerve.
I used to have one but it disappeared a while ago.
As you can see I still have the html privileges but I want my badge back!
Alternatively it could be a post-badge syndrome a bit like when an MD becomes a surgeon and reverts to "Mister".
I work for a printer and ink company with a two letter name that used to be named after its founders.
Had a customer call in with a bulk case the other day named Yo Guy. No joke. I'm just glad quality didn't pull that call, they'd have nailed me to the floorboards for not saying her name, or for saying it. Either way there I'd have lost.
Its still better than a sales trainer at my last job who was named Dang Lo. I'd have probably never believed it had I not met the man.
Apart from the internet's greatest forte—that of increasing the entropy of spelling and grammar faster than any other mechanism known to humankind—I'm getting to the age where I just cannot fathom how we've gotten to the point where we've let these arrogant, usurping, corporate carpetbaggers who peddle privacy-leaking crapware overrun and commandeer our internet without a struggle. It simply defies me.
Are we so addicted to the electronic heroin these corporations peddle that we've actually lost true sense of reality; or is it that we've become so busy with the circus of modern-day life—or both—that we've simply become incapable of complaining any longer?
Given the actual damage and harm these bastards have done to us in recent years, we ought to be rioting in the streets.
It's reached the point that I think humanity would have been better off with no Internet, and certainly no mobile phones. And that's coming from someone who dreamed of building such technology (and actually did, though the results were far more brick-like and limited in true homebrew form) in his younger years.
Certainly not the future we were all sold, is it?
Same here.
The other things I find irritating are those lazy twits that insist on using "ur" instead of "you're", typing everything lower case and leaving out apostrophes.
Arghh...
A tech support twit at a former employer used to send out tech notes using the "tricks" I mentioned above. Just for fun I would correct all his typos, insert appropriate notes and do a reply-all.
Frankly, I accepted a long time ago that using Chrome meant that Google could see whatever I was doing. When I'm watching something on Youtube in the evening and decide to go to bed, finishing watching whatever it is on my laptop without having to keep track of where I was is handy.
Buying stuff and online banking is done in Firefox.
In my experience, Chrome is a superior browser - RAM hogs aren't an issue if you've got stacks of RAM. The UI doesn't do backflips every other week that requires extensive effort to get back to the way you had set it up, and it's more stable. Before you get your pitchforks and torches out, this is my experience. YMMV.
Frankly, if there's one company I trust to not lose my data or spaff it all over the interwebs, it's Google - I know exactly what Google are doing with my data - trying to make money from me. If I view everything Google serves with the level of black cynicism that everything on the internet requires, then they're not doing a good enough job.
Google is not trying to make money, they're actually making insane amount of money irrespective of your posture. But you're using a superior browser which I for myself don't. I've been a FF user since the age when is was named Phoenix (this is pre-Y2k for young people here) and I've yet to experience those UI back-flips or memory issues you're talking about.
Kind of funny, I've been using it since Phoenix myself, and have been alpha and beta testing since Firebird 0.6. Its my daily driver and I don't really see myself using anything else if I can at all avoid it.
As much as I love Fx, you're displaying a remarkable selective memory if you don't recall the memory leak issues which existed from 3.7a4 (the first WebM release) until about Firefox 10. Google spreading FUD about that and Mozilla doing nothing about it to counter it, because Google was paying our bills at the time, is what drove Chrome's adoption really.
Now the UI backflips, I have no idea what they mean by that. Aside from hiding the title bar and making it look like Chrome, which can be disabled in three clicks, it hasn't changed much since Firebird, warts like nested tabs in the preferences menu and all. Plus, you could always change it if you didn't like something or use a theme. I used Nautopolis until Quantum came out and dropped compatability for it.
I've been a FF user since the age when is was named Phoenix (this is pre-Y2k for young people here)
Oh! Oh! We're playing old-person games! Let me play! I've been using Netscape since I had to buy Netscape Navigator on floppy disk. Came in a big mostly white box. Green icon with a lighthouse. It was pretty!
And before that, NCSA Mosaic. Came in a nothing, because 9600 baud modem and... ZMODEM transfers? My memory is cloudy around that time.
Yup, started on Mosaic 1.0 (and gopher before that) back in the days when NCSA maintained a "new websites of the month" page. And presciently one of the earliest entries was the CS dept of a Dutch University which advertised the fact that it held the largest collection of online pron in Europe!
Reason to use Chrome? Well, most websites are configured to run it, and I wouldn't use Edge if they paid me.
OTOH I've got Firefox configured with adblock, noscript and anti-tracking devices along with almost every other type of plug-in disabled, with the result that some websites simply refuse to run. Others are recursive - enable one lot of blocked sites on a webpage to run scripts and they load another lot that want to run their scripts too.
Mostly I just ditch the sites, but occasionally I need the content. So I fire up Chrome (which I regard as insecure by definition) read the contents and close it down again.
That was true for IE also years ago, but it didn't stop people to loathe it and look for alternatives.
But it is true that also many web developers are clueless people who are giving Google a great help doing exactly what they hated about Microsoft - showing an utterly lack of understanding - you don't "hate" a company because its name, you should "hate" it because the way it acts, and Goggle is simply the new Microsoft - in some ways even worse since you're the product, not the customer.
Frankly, if there's one company I trust to not lose my data or spaff it all over the interwebs, it's Google - I know exactly what Google are doing with my data - trying to make money from me.
This makes absolutely no sense at all.
Maybe there is a Freudian undercurrent in this hogwash, but I can't find it.
It's creeping compulsion. Google exists to monetise people's private data. Auto-login simply makes it easier to profile 'customers'. At least they're making a teeny effort to let users know. Problem is a lot of users won't necessarily know the implications. Like you logged in to the services, therefore consented to the privacy policy. That page you clicked 'Agree' on to make it go away.
If users stopped and read those, especially if they were written in plain language, fewer users might consent. But that's a wider problem. I've just remembered to fill in my UK electoral register form. That's always been a bit of fun given it's traditionally been used by the junk mail industry to help fill our recycling bins. On the 'Declaration' section where it tells you failing to complete the form could result in a £1,000 fine, it asks for your phone & email.. Which aren't needed, but are valuable.
This is just part of the Google environment and the public seem to accept it as such. Think of all those "apps" that they have to have* but which then grant themselves permission to view your contacts, camera,search history,phone logs,email account and browsing history. And the public neither know nor care.
Even when not one of these is relevant to the function.
*I wouldn't give many of them space on my phone. Pretty much all of then are devious money grabbing piles of shit. But when the Windows phone failed to attract them, think of all the fuss and criticism because of it.
Be sure to tick the box that says that you “opt out of the open register” (Or, in these GDPR times, is it now “tick if you want to opt in”? I didn’t particularly notice this year, because I only had to go to the webform (operated by a third party, annoyingly) to note that none of the details at my address had changed since last year).
But, yes, don’t give them an email address or phone number unless for some reason you really want to (although I don’t think those data get copied onto the open (spammers’) register, only home addresses?).
I have killed my gmail accounts. All of them. (I had four.) I have killed my Google Play Store account. (just one, attached to one of the gmail accounts.) I have deleted all things Google from my system. This includes Maps and Waze on my iOS devices. This includes DNS, on all systems where I can easily change DNS.
I have, of course, deleted Chrome and all of the crap installed with it.
Good-bye, Google. I won't say that it's been fun, because it hasn't.
> I have killed my Google Play Store account.
Music or videos?
If the former, have a look at Subsonic. I got pissed off with Play Music a few years ago, so spun up an instance of Subsonic on a VM and haven't really looked back. The only thing is, the free app for Android is was a bit shit, so I paid £3 for an app called Dsub instead - there's probably some iOS alternative if the subsonic app for that misbehaves
And you think that matters at all to Google? It doesn't. I deleted my Facebook account three years ago and I still see echoes of it all over the place. Considering that Google is more pervasive than Facebook, I'd imagine that you'll be seeing reflections of your old account til the day you die.
Plus, they have enough data on you and get more on you constantly through third parties that even if you never use another Google service in your life they can still monetize you. And they certainly will.
I will say its cute that you think that somehow makes a difference and that somehow you're important in the grand scheme of things.
So your recommendation is that he does nothing and continues to feed data directly into their system?
It may not make a different to Google, and doesn't stop them using the data they've already gleaned (and the bits of data they will still manage to glean), but being an arse and criticising someone for deciding to stop wilfully handing over data does no one any favours, least of all you.
"I use Firefox on Android."
The nice thing about Firefox on Android (and everywhere else) is that you can still add extensions like HTTPS Everywhere and uMatrix.
I did have a little trouble with setting rules in uMatrix on Android because the UI was not designed for a tiny mobile screen but that was easily resolved by importing rules I had saved from my desktop version of uMatrix.
Interesting side note: trying to run those two Firefox extensions on a certain Chinese mobile device causes the Firefox browser to crash and sometimes even send you back to the lock screen.
uMatrix rules set to block all Facebook, Twiiter and other social media scripts.
(It shall be interesting to view logcat logs to see what is happening.)
>> Where is this Android version?
The android version of Palemoon was removed from Google Play because it was very much out of date and nobody was interested in maintaining it. See Moonchild's post from Oct 2017:
Obviously if you're already a Full Google Fanboy it makes no difference, your settings will already have been set up so your Google account is linked to Google's ad network, your location is known, and all browser data is synced up anyway.
For the rest however, some people want a choice not to have Google standing behind them, breathing down their neck, and "getting right up to the creepy line and not crossing it" (note: creepy line seems to have moved a bit since Schmit's day).
Schmidt was always creepy,. He's a creep. The other founders are obvious creeps. The bit about up to a line is a creepy thing to say, and a lie like everything else they say. Don't be evil was coined by an ad agency who did work for big tobacco, so very likely to be totally sincere like big tobacco is and was..
All creeps, each and every. They are the new Catholic church, holding and storing millions of child porn images that are being sexted between people below the age of consent, yet nothing is being done.
We can all help by securing everyone around us, but it is an uphill battle, they don't get it. There's one more born every minute.
We need public hangings for people like this.
Not that I use Chrome for anything but the occasional test. When I need the chrome engine, I use SRWare Iron which studiously strips out the standard Chrome poison.
But I have clients who use Chrome and I have managed to persuade some of them to use Keepass.
If Chrome is able to log those users in without consent, it implies they're keeping our passwords in plaintext. (or, possibly, encrypted but with a key of their own) as opposed to the usual salted hash.
Anyone know the score on that?
You need to have previously signed into chrome (and not disabled syncing) for it to work. I only use Chrome for development, never signed in - but I was able to login to gmail without any side effects.
I'm guessing chrome "sniffs" the security token from google sites, and detects that it's one of the user's it knows about, and uses it to sign you into chrome.
What a cretin, I just tried, and it hasn't done anything of the sort, it's got a way of not signing in, just like Android has a cancel button on first setup...
Who is this cretin Matthew Green? It sounds like he might have bought his degree in India....
Yeah, my workplace requires the use of many Google services as well. It's really too bad -- but I figure that it's my employer's business, not mine, and it helps remind me to maintain a strict separation between work machines and personal machines. Never the twain shall meet.
I rarely use it - only if I run into problems on a site using Firefox to see if that's the problem (or more likely my adblocker is the problem) It still works fine.
If someone has been dumb enough to login to Chrome previously, surely there's a way to erase that info - if nothing else you could always remove it and reinstall from scratch.
Hardly surprised Google is being this sleazy. I'll bet a future version of Chrome will refuse to work if you don't login to it - which will be the point where I either stick with the older version forever or simply delete it and use something else as my "backup/test browser".
From here:
https://www.theverge.com/2018/5/17/17344250/google-x-selfish-ledger-video-data-privacy
________
To here:
https://www.bloomberg.com/news/articles/2018-08-30/google-and-mastercard-cut-a-secret-ad-deal-to-track-retail-sales
________
To Utopia:
https://en.wikipedia.org/wiki/Social_Credit_System
at the heart of it all is 'OAuth' and subscribing to Google or Microsoft's services, such that if you're already logged in via google, or 'Microsoft Login' then oauth can silently track you without your knowledge. This article talks about doing this with 'Bing Ads':
https://docs.microsoft.com/en-us/bingads/guides/authentication-oauth?view=bingads-12
It may be 'bending the rules' a bit (to heavily track you without ANY consent) but I doubt they'd get CAUGHT doing it if they did...
> at the heart of it all is 'OAuth' and subscribing to Google or Microsoft's services, such that if you're already logged in via google, or 'Microsoft Login' then oauth can silently track you without your knowledge. This article talks about doing this with 'Bing Ads':
This is why I won't sign up to Medium - they want you to use either your Google or Facebook account and I won't do that. No idea why they won't let you use a local account - after all, they claim to want to use a new & different model of monetisation.
You're not missing much on Medium besides a lot of whining from spoiled millennials who think that not getting their way or that their free range organic latte and avocado toast is cold is racism and/or sexism and that the world owes them a free ride when they've never worked a day in their mollycoddled lives, so consider it a blessing in disguise.
I've found that people who are actually doing something about actual injustice and putting themselves at risk to do so, instead of whining about it and doing the perpetrators a favor by exhausting public opinion are rarely after the victimbux for their Patreon from their Medium posts.
Yep, and Alliance Data's Epsilon owns Abacus, the ad database that nobody knows about which Doubleclick also owned.
I'd honestly be more worried about Alliance Data Systems than Google. Google gets scrutinized. Alliance really does not and they have so much data on everyone that it would make your head spin, and a huge majority (basically everything that isn't in their credit card business) of it isn't secured all that well
Its interesting how even google employees are being mushroomed - not just users.... This latest news is another cut on the road to dystopia... Will there come a point where Google employees just say no more and down tools! Especially staff who arrive later, the ones who don't get juicy stock options...
________________
"We urgently need more transparency, a seat at the table, and a commitment to clear and open processes. Google employees need to know what we're building," the letter said.
https://www.bbc.co.uk/news/business-45216554
"Will there come a point where Google employees just say no more and down tools"
I don't know about that, but I do know that I have grown suspicious of the ethical sense of people who work for Google (and Facebook, and Microsoft). It may not be fair, but there's a part of me that thinks that people with a strong sense of ethics would have already quit.
I hate new "improved" UIs more than most, but I must say I barely noticed the extra roundedness. Everything about the tab bar is inexplicably more grey and harder to read, but aside from that it's pretty much the same as before. I'm even finding it hard to get too riled about the GMail UI update (other than those stupid non-optional automatically suggested replies!)... I think I must just be getting old and worn out!
I am also amongst those who don't use Chrome on computers I care about though... I dislike Mozilla as much as Google and have resorted to Pale Moon for most of my browsing.
Chrome User: "You're grabbing our credentials and logging us into your previously-optional services without our consent or control! The only indication is an easily-overlooked color change to the "user" icon in the corner!"
Google: "What? Yes! You're welcome! We care deeply about our users and their safety, so we made a visible indicator that you were still logged in, in case you were sharing your device with someone else. Now they can log you out and then log themselves in separately! Keeping their browsing history separate from yours, and thus more accurate."
I'm not sure if this is the URL that Google uses to connect to it's other services or not but when using Chrome's "net-internals" function (which is excellent for diagnosing issues BTW), one of the first connections Chrome attempts to make is:
"https://accounts.google.com/ListAccounts?"
I use different web browsers depending on what task I am performing.
Chrome is excellent for viewing, streaming or casting videos for instance.
(I just wish Google had kept with it's original mantra of "Don't be Evil")
The following is familiar to many:
Fool me once, shame on you. Fool me twice, shame on me.
A forgotten extension of this is:
Expecting fools to not act as fools is itself foolish.
Google is doing what Google has always done. If Google does not see a way to profit from it, Google does not do it. Nothing Google makes has ever been free (without cost) - not Gmail, not Google Voice, not Blogger, not anything; sure, the cost is not monetary (at least, not directly), but in every instance this is because Google takes something far more valuable than mere money - and this should scare the pants off anyone who uses ANYTHING Google, including Google's "free" DNS, which is a fantastic way to tell Google everything you and your device(s) do online and exactly when and from where you do it.
Forget cookies. Judicious policing of the data left behind on one's device from prior browsing sessions was too little, too late TEN YEARS AGO.
The real problem here - and the only problem - is so unpleasant and inconvenient for most people that the media doesn't bother writing about it, and don't blame the media either because it's acting the way it always has (look up the front page from a newspaper from the 1800s and it will make what you see today appear downright dignified); the media will not put anything in front of you unless the media believes you WANT to see it AND that it will lead to your support of the media, direct (subscriptions, etc.) or indirect (advertising, social media promotion, etc.). Do not even bother being outraged by this - if you do, you're MISSING THE POINT.
The problem, which is not so much a problem as just a few facts of Reality, is:
The READER/VIEWER/LISTENER is RESPONSIBLE for what he CHOOSES to BELIEVE of what he READS/VIEWS/HEARS. If someone lies to you and you choose to believe him, what happens to you as a result is YOUR fault. If someone passes counterfeit currency to you and you CHOOSE to accept it as legitimate, YOU bear the LOSS. BLAME SOLVES NOTHING. When you blame someone for something, you are effectively admitting you have learned NOTHING and asking Circumstance to give you ANOTHER LESSON. How many lessons do you need?
No two web users see the same web. Even if you've never declared a single preference (and that would be remarkable), you have been identified and tracked and logged and analyzed by the signature of your device (OS, browser, mobile/desktop, various configs including browser tools/extensions/plugins/language packs, ISP, screen size (if you've ever maximized your browser), etc.), IP and its location, DNS queries (from your active browsing/web use AND whatever clandestine app chatter goes on in the background), daily web use habits (timing, frequency, etc.), where you shop, what you buy, the list goes on.
NOTHING IS FREE. EVER. PERIOD. If you disagree, you ARE paying for SOMETHING in a way you are NOT aware of and NEED to figure out WHAT you are LOSING RIGHT NOW because whoever is TAKING it from you VALUES it MORE than MONEY and you may NOT be able to EVER GET IT BACK. MONEY is CHEAP next to what people surrender EVERY DAY online.
For morbid amusement:
Count how many times you see or click a "submit" button in the course of a single day (it's worth noting that the label of the button may be "OK" or "Done" or "Tweet" or "Post" or "Agree" but in ALL cases, the underlying source code refers to the button and its action as "submit"). And what are some synonyms for submit?
Yield, condone, and - my favorite - SURRENDER.
EASY NEVER IS. If you think something is easy, you are not looking far enough ahead. Easy ALWAYS costs more than SIMPLE and the two are NEVER the same. "Feel goods" are not "do goods."
Companies like Google exist because they are ALLOWED to exist. They are NOT brilliant or even intelligent, and have already sown the seeds of their own destruction. They are two-faced, self-serving, predatory entities that would not have an ounce of money or power if people were not ADDICTED to EASY.
It all comes down to LANGUAGE. If you think the words you use mean whatever you intend them to mean, you are speaking your OWN, UNIQUE language that NO ONE ELSE ON EARTH understands, and if you HAPPEN to communicate what you intended, you owe a debt to CHANCE. The SOLE purpose of language is COMMUNICATION, and language ALWAYS communicates. If you like using long words where short words would suffice, you are communicating your insecurity and pretension. If you use words you don't understand, you are admitting to not knowing what you're talking about and having little respect for the time of your audience.
When the police start investigating a crime, they have no idea who committed it. How do they find a suspect? Not by asking WHO, but by asking WHY - because EVERYTHING that ANYONE has EVER DONE has a MOTIVE behind it. Better yet, what makes sense to one human being CAN MAKE SENSE to ANY OTHER human being, though there tends to be intense, reflexive (irrational) opposition to this fact when the motives and/or actions involved are unseemly; words like "crazy" and "evil" are popular choices by people trying to excuse and rationalize their decisions to conveniently ignore the common human traits/elements/desires/needs behind "the unseemly," and this avoidance (aka easy) comes at the cost of having more "unseemly" visited on more victims in the future.
The point is that we humans are not always transparent with our motives. Sometimes we aren't sure of them ourselves, sometimes we don't WANT to know, sometimes we know but don't want ANYONE ELSE to know, and sometimes we don't realize that there even ARE other people who think DIFFERENTLY or who DISAGREE because we spend much of our time in a web-based digital cocoon of our own preferences where the comfortable and convenient (aka easy) feeling of having millions of users* agree with and support our ignorance - as long as our ignorance is the same as their ignorance - is just a click or tap away.
*Not necessarily "people," and the ones that ARE people may not be UNIQUE people. Would you get the same comfort in numbers if chad4415, bongoman7, sarafauxfera, and legionelle were algorithmic projections from a server farm in New Mexico? Can you ever know if they are or not? (Rhetorical.)
There is ALWAYS a person behind the words, and "can't see him" is NOT the same as "can't be seen" or "no one's there" (just like "i couldn't do it" doesn't mean "no one can do it" / "it's impossible," yet which of these do we hear more often? The EASY one? oooOOOOooo.) That person has a motive, a reason for choosing the words you see and the order you read. If you are not asking yourself WHY the words you see are the words you see or WHAT the person behind the words GAINS if you choose to believe those words, you would be BETTER OFF ILLITERATE because at least then you would KNOW that you can't READ and would not be manipulated that way. (Better to be blind and know it than be blind and think you can see; beyond the obvious danger to self in the latter case, what about friends and loved ones to whom one, say, confidently gives a map or directions or a summary of a contract so they don't have to read it?).
Your time is the most precious thing you have. Make sure you're not unknowingly dancing for someone else, because no one will value your time more than you and, unlike money, you can never get it back. (You can make something of loss by learning from it, but that's easier said than done, judging by the popularity of, say, blaming Google for being Google (aka easy) rather than dealing with the uncomfortable fact that you SOLD some part of your time or yourself to Google for far less than it's worth - and converting that frustration into meaningful effort to not make the same mistake again (aka simple).
"Fool me differently" is no better than "fool me twice."
All the best.